CVE-2021-21787
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A privilege escalation vulnerability exists in the way IOBit Advanced SystemCare Ultimate 14.2.0.220 driver handles Privileged I/O write requests. During IOCTL 0x9c40a0d8, the first dword passed in the input buffer is the device port to write to and the byte at offset 4 is the value to write via the OUT instruction. The OUT instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users.
Se presenta una vulnerabilidad de escalada de privilegios en la forma en que el controlador IOBit Advanced SystemCare Ultimate versión 14.2.0.220, maneja las peticiones de escritura de I/O con Privilegios. Durante IOCTL 0x9c40a0d8, el primer dword pasado en el buffer de entrada es el puerto del dispositivo para escribir y el byte en el offset 4 es el valor para escribir por medio de la instrucción OUT. Un atacante local puede enviar un IRP malicioso para activar esta vulnerabilidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-04 CVE Reserved
- 2021-07-07 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-782: Exposed IOCTL with Insufficient Access Control
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1254 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Iobit Search vendor "Iobit" | Advanced Systemcare Ultimate Search vendor "Iobit" for product "Advanced Systemcare Ultimate" | 14.2.0.220 Search vendor "Iobit" for product "Advanced Systemcare Ultimate" and version "14.2.0.220" | - |
Affected
|